Healthcare and Technology news
49.0K views | +6 today
Follow
Healthcare and Technology news
Your new post is loading...
Your new post is loading...
Scoop.it!

Healthcare Providers & Vendors Need HIPAA Cloud Solution!

Healthcare Providers & Vendors Need HIPAA Cloud Solution! | Healthcare and Technology news | Scoop.it

Cloud solutions are quickly becoming the new norm for the way businesses operate today. Many companies are moving from legacy software systems to online “hosted” alternatives, such as SaaS (Software-as-a-Service), PaaS (Platform-as-a-Service) or IaaS (Infrastructure-as-a-Service). The benefits of cloud-based solutions over desktop software are wide-ranging, affecting everything from productivity to data security. Healthcare organizations also need to take the appropriate precautions to ensure that they have a HIPAA compliance cloud.

 

It makes sense to see why so many organizations are adopting cloud-based solutions–improved efficiency, flexibility, cost reduction, mobility, as well as around the clock support are all driving forces behind the growth of cloud services.

 

Yet, HIPAA compliance cloud services also raise some concerns in regards to security and compliance, which go hand-in-hand to help organizations keep their sensitive healthcare data safe. For businesses operating in the healthcare industry, which accounts for approximately one-fifth of the US economy, these concerns escalate due to HIPAA regulatory requirements that mandate the privacy and security of patients’ protected health information (PHI). PHI is any demographic information that can be used to identify a patient. Common examples of PHI include names, dates of birth, Social Security numbers, phone numbers, medical records, and full facial photos, to name a few.

 

HIPAA applies to covered entities, such as providers and insurance plans, as well as business associates who perform certain functions for, or on behalf of another health care organization that involves receiving, maintaining, or transmitting PHI.

 

For example, a cloud service provider (CSP) who are involved in handling PHI for a covered entity whether it is data storage or a complete software solution such as a hosted electronic medical record system, are still considered a business associate and need to implement a HIPAA compliance cloud.

HIPAA Compliance in the Cloud

In a nutshell, both covered entities and business associates need a HIPAA compliance cloud that allows for the creation of an effective compliance programThe Department of Health and Human Services (HHS) released detailed, five-step guidance on cloud computing that parties must adhere to in order to maintain HIPAA compliant relationships. This HHS guidance on HIPAA compliance cloud services includes:

 

  1. Execute a Business Associate Agreement– A business associate agreement outlines what business associates can and cannot do with the PHI they access, how they will protect that PHI, how they will prevent PHI disclosure, and the appropriate method for reporting a breach of PHI  if one would occur. It also defines liability in the event of a data breach.
  2. Conduct a HIPAA Security Risk Assessment– The covered entity or business associate that works with a cloud service provider must document the cloud computing environment and security solutions put in place by the cloud service provider as part of their risk management policies.
  3. Abide by the HIPAA Privacy Rule– A covered entity must enforce proper safeguards in order to keep PHI safe and information can only be disclosed to a business associate after a business associate agreement has been executed.
  4. Implement HIPAA Security Safeguards– A business associate must comply with all three key security safeguards outlined in the HIPAA Security Rule: Physical, Technical and Administrative.
  5. Adhere to the HIPAA Breach Notification Rule- In the event of a data breach, covered entities and business associates are required to document and investigate the incident. All breaches must be reported to HHS OCR. All affected parties must be notified as well.

 

The only exception to the Breach Notification Rule is if the data was properly encrypted. If, for example, a properly encrypted device containing PHI goes missing, then there is a low probability that the data will be accessible by an unauthorized user. In this case, a breach will not have to be reported under the provisions of the Breach Notification Rule.

 

However, it is crucial that all HIPAA covered entities and business associates read the standards outlined in the regulation to determine the proper level of HIPAA encryption for different modes of data storage and transmission.

 

If a covered entity does not execute a Business Associate Agreement with a third party vendor with whom they share PHI, both organizations are leaving themselves exposed to a significant risk of HIPAA violations.

A HIPAA Compliant Cloud Will Save You Money

Data breaches are very costly–not only due to monetary penalties but also because of the long-lasting reputational damage a breach can have on an organization.

 

HIPAA breach fines can range anywhere from $100 to $50,000 per violation or record, with up to a maximum of $1.5 million per violation. When multiple violations or a large scale data breach occurs, these fines can compound and lead to millions of dollars in HIPAA fines. As if that isn’t bad enough, breaches are publicly listed on the “Wall of Shame,” maintained and enforced by HHS OCR. This list shows all HIPAA breaches affecting 500 or more individuals. Even worse, some HIPAA violations can lead to criminal charges, carrying the potential for jail time.

 

In order to avoid violations and fines, healthcare providers and business associates must comply with HIPAA regulations which means protecting the security and privacy of their patients.

Compliance Group Can Help!

Compliance Group helps healthcare professionals and business associates effectively address their HIPAA compliance with our cloud-based app, The Guard. The Guard allows users to achieve, illustrate, and maintain compliance, addressing everything that the law requires.

 

Users are paired with one of our expert Compliance Coaches. They will guide you through every step of the process and answer any questions you may have along the way. Compliance Group simplifies compliance so you can get back to confidently running your business.

 

And in the event of a data breach or HIPAA audit, our Audit Response Team works with users through the entire documentation and reporting process. At Compliance Group, we go above and beyond to help demonstrate your good faith effort toward HIPAA compliance.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Your keys to safer, even more secure healthcare cloud services

Your keys to safer, even more secure healthcare cloud services | Healthcare and Technology news | Scoop.it

In my last HealthBlog post, I made the case that we need to focus more on simplicity in healthcare and health IT. Simplicity should be the watchword for solutions in 2015. Thus far, many technology, business and delivery system solutions in the healthcare sector seem to be making life harder instead of better. Isn’t technology supposed to help set us free?

I think cloud computing and storage falls into the category of something that should make health IT solutions better, more scalable, easier to manage, easier to use, and less costly. Now, I’ll admit that when the world first started talking about cloud computing for healthcare, I was a bit of a skeptic. However, I also know that both IT leaders and clinicians have long been seeking solutions that don’t take a basement full of servers and a large staff of IT professionals to manage. “Plug and Play” is a much better strategy for healthcare if you can find it. For that reason alone, health customers around the world have been migrating more and more of their IT to the cloud. The cloud delivers greater simplicity and helps lower costs.

Of course in healthcare, especially where personally identifiable health information is at play, you can’t just focus on simplicity without paying a whole lot of attention to privacy and security. If anything keeps healthcare organizations at distance from considering public cloud solutions for their IT needs, it is concerns about that. Many of those concerns can be addressed by working with IT providers that are fully HIPAA aware and willing to sign Business Associate Agreements (BAA) with their clients. But I think health organization IT leaders are seeking even more assurance than that when they turn over their precious data for safe keeping with a public cloud services provider. They are also seeking world-class tools to help manage the services and data they are trusting to the cloud. That’s why today’s announcement from Microsoft is good news for hospitals and health organizations. Forgive me if this is a bit techie, but I know IT professionals will fully appreciate the news about something we are calling Azure Key Vault.

Azure Key Vault helps customers safeguard and control keys and secrets using a Hardware Security Module (HSM) appliance in the cloud, with ease and at cloud-scale. Key Vault can be configured in minutes, without the need to deploy, wait for, or manage an HSM and has a single programming model across HSM-protected and software-protected keys.

This makes it easier and more economical for customers to encrypt sensitive data, sign certificates, and safeguard secrets in the cloud. For example, with Key Vault, customers can easily encrypt a SQL Server Virtual Machine with TDE (Transparent Data Encryption) using the SQL Server Connector available for Key Vault. Furthermore, customers can deploy an encrypted Virtual Machine with CloudLink SecureVM with the master keys in Key Vault.

So, there you have it. One more reason for hospitals and healthcare systems to turn to the cloud to simplify what they do and help IT departments focus more on their organization’s core business (patient care) and less on projects to maintain complex IT infrastructure and storage.

more...
No comment yet.
Scoop.it!

Healthcare taps cloud in record numbers | Healthcare IT News

Healthcare taps cloud in record numbers | Healthcare IT News | Healthcare and Technology news | Scoop.it
Don't dismiss the healthcare industry as one of the last to innovate quite yet. When it comes to adopting cloud technology, it is actually ahead of the game, according to a new report. 
 
In fact, according to the Dell-conducted survey, which took the pulse of technology adoption levels across multiple industries, the lion's share of mid-sized healthcare organizations – some 96 percent of them – are using or seriously considering using the cloud. 


 
What's more, despite many industries citing serious security concerns over how data is held in the cloud, the majority of healthcare leaders – some 64 percent to be exact – utilizing private cloud technology say they are "very confident" the data is adequately protected. This compared to 52 percent of survey respondents across all industries who point to security as the biggest barrier to moving forward with cloud computing
 
 
In terms of priorities for the healthcare industry, there are three top of mind, Dell officials outlined. The first pertained to making information technology more cost efficient. Upgrading outdated infrastructure and further optimizing data centers were also cited as serious priorities.
 
In terms of where healthcare organizations find the real value in the cloud, the answers prove diverse. Nearly 50 percent of respondents in a HIMSS Analytics report earlier this year said their organization gets their value from "augmentation of technology capabilities or capacity." Also top of the list were financial metrics – at 46 percent – and the time to deploy the solution, at 45 percent. A significant portion of industry professionals also pointed to greater workforce productivity after cloud technology was implemented.  
 
For David Tomlinson, chief information officer and CFO at the Illinois-based Centegra Health System, it just made sense to make the move from an in-house storage solution to an outsourced cloud platform. 
 
"We gain control over storage costs and avoid future data migrations by centralizing our data in the cloud with the Dell Unified Clinical Archive," he said in a Dec. 16 statement. "Our first concern with using the cloud was security, and our second was about backups. How would we access information if our connections went down?" But once he and his team worked through the security piece of this, that's when they made the switch. 
 
Despite the overwhelming majority of healthcare organizations using or expressing interest in using cloud technology, the security concerns are very real, many officials point out. There are many industry professionals who don't yet sing the praises of the technology.
 
"Most cloud vendors have huge servers and are carving pieces up to give to customers," said Chris Logan, chief information security officer of Care New England. "The thing that scares me about that is, what if the controls aren’t in place and my data slips into somebody else's environment, or their data slips into my environment? What's the downstream issue there? What's the effect? It’s significant."
 
On top of the security issues, the cloud can also cost providers a pretty penny. In the HIMSS Analytics cloud report, nearly 20 percent of healthcare organizations cited costs and fees associated with the cloud as one of the biggest challenges with their cloud providers. 



more...
No comment yet.
Scoop.it!

IBM Announces Deal to Acquire Both Phytel and Explorys; Goal Is Data Transformation

IBM Announces Deal to Acquire Both Phytel and Explorys; Goal Is Data Transformation | Healthcare and Technology news | Scoop.it

Senior executives at the Armonk, N.Y.-based IBM announced in a press conference held on Monday afternoon, April 13, at the McCormick Place Convention Center in Chicago, during the course of the HIMSS Conference, that it was acquiring both the Dallas-based Phytel and the Cleveland-based Explorys, in a combination that senior IBM executives said held great potential for the leveraging of data capabilities to transform healthcare.


Both Phytel, a leading population health management vendor, and Explorys, a healthcare intelligence cloud firm, will become part of the new Watson Health unit, about which IBM said, “IBM Watson Health is creating a more complete and personalized picture of health, powered by cognitive computing. Now individuals are empowered to understand more about their health, while doctors, researchers, and insurers can make better, faster, and more cost-effective decisions.


In its announcement of the Phytel acquisition, the company noted that, “The acquisition once completed will bolster the company’s efforts to apply advanced analytics and cognitive computing to help primary care providers, large hospital systems and physician networks improve healthcare quality and effect healthier patient outcomes.”


And in its announcement of the Explorys acquisition, IBM noted that, “Since its spin-off from the Cleveland Clinic in 2009, Explorys has secured a robust healthcare database derived from numerous and diverse financial, operational and medical record systems comprising 315 billion longitudinal data points across the continuum of care. This powerful body of insight will help fuel IBM Watson Health Cloud, a new open platform that allows information to be securely de-identified, shared and combined with a dynamic and constantly growing aggregated view of clinical, health and social research data.”


Mike Rhodin, senior vice president, IBM Watson, said at Monday’s press conference, “Connecting the data and information is why we need to pull the information together into this [Watson Health]. So we’re extending what we’ve been doing with Watson into this. We’re bringing in great partners to help us fulfill the promise of an open platform to build solutions to leverage data in new ways. We actually believe that in the data are the answers to many of the diseases we struggle with today, the answers to the costs in healthcare,” he added. “It’s all in there, it’s all in silos. All this data needs to be able to be brought into a HIPAA-secured, cloud-enabled framework, for providers, payers, everyone. To get the answers, we look to the market, we look to world-class companies, the entrepreneurs who had the vision to begin to build this transformation.”

more...
No comment yet.
Scoop.it!

Health IT outsourcing poised for growth in 2015, beyond

Health IT outsourcing poised for growth in 2015, beyond | Healthcare and Technology news | Scoop.it

The market for IT outsourcing in healthcare and life sciences is expected increase at an 8.6 percent compound annual growth rate through 2019, with the adoption of cloud-based services among the major trends, according to global research firm TechNavio.

Organizations might be outsourcing just a few applications or their whole IT operations, relying on managed services to eliminate the need for an in-house IT staff. IT outsourcing helps healthcare providers to deploy business applications rapidly and focus on their core business.

Hospitals and clinics, which have difficulty keeping with up myriad changing government regulations, tend to outsource applications related to operations, finance, database management and infrastructure, according to the report. This outsourcing helps to reduce operational and maintenance costs.

The report also points to the rise in use of predictive and content analytics for clinical and operational insights.

By 2020, 80 percent of healthcare data will pass through the cloud at some point in its lifetime as providers increasingly turn to the cloud for data collection, aggregation, analytics and decision-making, IDC Health Insights recently predicted.

IDC also estimated that half of health and life science buyers by 2018 will demand substantial risk sharing with their outsourcing partners.

Hospitals increasingly plan to outsource coding efforts in the coming year, according to a survey published by Black Book Rankings, which found in a separate survey that a majority of hospital CFOs plan to either outsource or purchase new revenue cycle management software by the end of 2015.

Dick Escue, CIO of Valley View Hospital in Colorado, made the case for buying effective services, not mega-expensive hardware, in a November article published at Becker's Health IT & CIO Review.

Yet Peter Odegard, information security officer at Children's Hospitals and Clinics of Minnesota, told FierceHealthIT that it's increasingly difficult for hospitals to keep track of all the vendor partners that host, store or analyze data, adding to the complexity of security patient data.


more...
No comment yet.